Archive

Category Archives for "Networking"

Save the Address, Save the Cloud (KubeVirt VM Migration Story)

Kubernetes is built for containers, and it’s been doing that since it used to run docker as an engine for its containers. But what if you want to add VMs to the mix? After all, containers are ephemeral and don’t require fixed IPs as they shift the identity toward labels, but VMs on the other hand are tied to IP addresses and in some cases MAC addresses.

This brings us to this blog about VM migration and IP preservation. Unlike a pod that can be part of a deployment and run in a swarm of stateless endpoints, a VM is a stateful machine run by hypervisor like QEMU and extended to Kubernetes via KubeVirt Custom Resource Definitions (CRDs).

There Is Something About KubeVirt

KubeVirt is an abstraction layer between the underlying hypervisor (QEMU) on your machine and Kubernetes. Its job is to manage a VM’s lifecycle and provide the necessary requirements for a VM to be a native resident in Kubernetes. These requirements are CPU, Memory, Networking, etc.

KubeVirt does this by wrapping each VM in an ordinary Kubernetes pod called virt-launcher. Inside that pod, KubeVirt runs libvirt and QEMU, and the “VM” is really just a process scheduled, networked, Continue reading

Introducing Meerkat: an experiment in global consensus

Many internal services at Cloudflare need to read and modify the same control-plane state from across our 330+ global data centers. They need guarantees that different readers never see inconsistent state, and that the system remains available for writes even when some data centers or links fail.

But Cloudflare’s network runs across the entire Internet, and the Internet is an unpredictable place. Servers and data centers go down. Queues fill up. Links and cables get cut. These conditions make it difficult to run a globally available data system that guarantees strong consistency (e.g., that all readers are guaranteed to read all prior writes) because hostile conditions hinder distributed system replicas’ ability to reliably synchronize data with one another.

One way to synchronize data safely despite adverse network conditions is via a consensus algorithm, which allows a set of machines to agree on the same sequence of values, such as key-value store put and get operations, as long as a majority remains alive and able to communicate. 

Unfortunately, commonly deployed consensus algorithms like Raft suffer in wide-area networks like Cloudflare’s because they rely on leaders and timeouts. The leader is the only replica allowed to make writes, and Continue reading

Mengenal Mantis Shrimp: Pukulan Tercepat di Dunia Hewan

Ikan mantis shrimp menjadi salah satu makhluk laut yang paling menarik untuk dipelajari saat ini, terutama karena kemampuannya yang luar biasa dalam dunia hewan. Dengan pukulan tercepat di antara semua spesies hewan, mantis shrimp menarik perhatian para ilmuwan dan penggemar biologi di seluruh dunia. Fenomena ini tidak hanya unik dalam hal kekuatan, tetapi juga dalam mekanisme biologis dan perilakunya yang kompleks. Artikel ini akan membahas secara mendalam tentang mantis shrimp, mulai dari biologi, keunikan pukulannya, hingga relevansinya dalam penelitian dan aplikasi teknologi terbaru.

Apa Itu Mantis Shrimp?

Mantis shrimp adalah hewan laut yang termasuk dalam ordo Stomatopoda. Meskipun namanya mengandung kata “shrimp” (udang), ikan mantis shrimp sebenarnya jauh berbeda dari udang biasa karena memiliki bentuk tubuh dan perilaku yang unik. Hewan ini dikenal dengan warnanya yang cerah dan cakar yang sangat kuat, yang digunakannya untuk berburu dan mempertahankan diri di habitat alaminya, yaitu perairan hangat di sepanjang terumbu karang tropis dan perairan dangkal pantai.

Keistimewaan utama dari mantis shrimp ini adalah kemampuan pukulannya yang sangat cepat dan kuat, yang menjadi fokus utama banyak studi terkini. Mereka mampu menghasilkan pukulan dengan kecepatan dan tenaga yang melebihi banyak predator lain di lautan.

Mantis Shrimp dan Pukulan Tercepat di Dunia Hewan

Fenomena paling Continue reading

Mengenal Fenomena Ballistosporic: Spora Jamur Terlempar Jauh

Fenomena ballistosporic rain menjadi salah satu misteri alam yang sedang banyak diperbincangkan di kalangan ilmuwan dan pengamat alam saat ini. Fenomena ini merujuk pada proses di mana spora jamur secara aktif terlepas dan terlempar jauh dari tubuh jamur induknya melalui mekanisme khusus yang mirip dengan “hujan” spora. Keunikan dan kompleksitas proses ini tidak hanya menarik perhatian dari sisi ekologi, tetapi juga memiliki implikasi penting dalam pemahaman penyebaran jamur dan konsekuensi ekosistem yang lebih luas.

Apa Itu Fenomena Ballistosporic Rain?

Pada dasarnya, ballistosporic rain menggambarkan proses pelepasan spora jamur secara masif dan tersebar luas ke lingkungan sekitarnya sehingga menciptakan kesan “hujan spora.” Kata kunci ballistosporic merujuk pada mekanisme pelemparan spora yang menggunakan gaya fisik tertentu dari organ reproduksi jamur, terutama basidium yang ada pada jamur basidiomycetes.

Selama periode terbaru, penelitian telah memperlihatkan bahwa spora tidak hanya jatuh secara pasif, melainkan dilemparkan dengan gaya katapel alami yang memungkinkannya mencapai jarak jauh dari sumber asal. Oleh karena itu, fenomena ini berperan penting dalam distribusi genetik dan kolonisasi jamur di berbagai habitat.

Mekanisme Ballistosporic dalam Pelepasan Spora Jamur

Inti dari fenomena ballistosporic adalah kemampuan jamur untuk mengatur pelepasan spora melalui reaksi fisik dalam skala mikro. Pada saat ini, diketahui bahwa spora jamur basidiomycetes Continue reading

Cloudflare proudly joins the UK government’s Cyber Resilience Pledge

Today, the UK government launched the Cyber Resilience Pledge: a voluntary framework inviting organizations to commit to foundational cybersecurity governance, board-level accountability, and comprehensive cybersecurity coverage across supply chains. Cloudflare is proud to join the pledge’s founding cohort of signatories and continue our long-standing work with the Department of Science, Innovation and Technology (DSIT), National Cyber Security Centre, and others to shape a more secure, future-ready digital economy for the UK.

The pledge's core pillars — democratizing security, leadership accountability, and radical transparency — have been at the heart of Cloudflare since day one. Instead of approaching this framework as a new set of commitments to meet, we see it as a welcome validation from the UK government of the security philosophy and principles Cloudflare has championed for over a decade. We are glad to see the rest of the industry moving in this direction.

This pledge is an important step, and it comes at a time of significant cyber risk. In the first quarter of 2026, Cloudflare's global network blocked an average of 234 billion cyber threats every day. Recently, we mitigated a hyper-volumetric DDoS attack that peaked at 31.4 Tbps. At the end of 2025, Cloudflare Continue reading

AI Assistants Have Many Interfaces. Context Is the Real Product.

AI assistants are no longer just chat windows. The same assistant now appears as a web app, desktop app, mobile app, browser extension, IDE extension, command-line tool, local agent, and cloud worker. That is powerful, but it creates a new problem: deciding which interface to use, and keeping context alive when moving between them. This … Continue reading AI Assistants Have Many Interfaces. Context Is the Real Product.

Your Worker can now have its own cache in front of it

Today we are launching Workers Cache: a tiered cache that sits in front of your Worker, configured by a single line of Wrangler config and the same Cache-Control headers you already know.

When Workers Cache is enabled, every cacheable request to your Worker hits Cloudflare's cache first. If there's a fresh cached response, Cloudflare returns it directly — your Worker doesn't run, and you don't pay CPU time for it. On a miss, your Worker runs, and if your response is cacheable, Cloudflare stores it for the next request. The next request from anywhere on Earth can be served straight from cache.

The whole thing is one config block:

{
  "name": "my-worker",
  "main": "src/index.ts",
  "compatibility_date": "2026-05-01",
  "cache": {
    "enabled": true
  }
}

After that, you control caching the way HTTP has always wanted you to — by setting headers on your responses:

return new Response(body, {
  headers: {
    "Cache-Control": "public, max-age=300, stale-while-revalidate=3600",
    "Cache-Tag": "products,product:123",
  },
});

And when content changes, your Worker purges its own cache:

await ctx.cache.purge({ tags: ["product:123"] });

That's the whole API. There is no zone to configure, no rules engine to set up, no separate cache to provision, and no second product Continue reading

Worth Reading: More VXLAN and EVPN Labs

Ali Bahadır Coşkun continued his EVPN/VXLAN journey. Using the free netlab-powered EVPN/VXLAN labs, he finished the basic EVPN/VXLAN lab (adding EVPN control plane to VXLAN underlay), and then completed the whole VXLAN/IRB/anycast saga.

Want to do something similar? The free EVPN/VXLAN lab exercises include six VXLAN labs, almost a dozen EVPN labs, and a few EVPN designs. I might add a lab or two during the summer break.

Six AI agent SDKs for enterprise Kubernetes, compared

There’s a question we hear constantly from platform and engineering leaders right now, “which agent SDK should we standardize on for our Kubernetes clusters?”

The honest answer is that the question is slightly wrong, and the rest of this post explains why. But it’s a fair question, so let’s compare the contenders first.

If you’re an enterprise running on-premise or in your own VPC, the SDK you pick has to do two things most of the “build an agent in 20 lines” tutorials skip over. It has to run in a container you control, and it has to talk to a model you can host yourself. That second one rules out a surprising amount.

The six SDKs most people are actually using

These are the ones with the most mindshare in mid-2026. There are others, but these are the names that come up in every conversation. They sit on a rough spectrum of model freedom: most will happily run against a model you host yourself, the OpenAI SDK will too but treats that as a side path, and one of them (Anthropic’s) is tied to a single vendor’s models. I’ve ordered them with the most flexible first.

LangGraph

LangChain’s Continue reading

Chapter 3: SONiC Startup Process

Figure 3-1 illustrates a simplified SONiC container startup sequence. First, systemd reads the service unit files and evaluates their dependency and ordering directives. It then starts docker.service, making the Docker daemon available. After that, SONiC service containers are started according to the dependencies and ordering rules defined in their service unit files.

In this simplified example, database.service starts early because many SONiC services rely on the Redis databases to exchange configuration, state, and event information. Services such as pmon, syncd, and swss are then started according to their own dependencies and ordering rules. Higher-level SONiC service containers, such as bgp, lldp, teamd, and snmp, are started after the lower-level services they depend on are available.

It is also important to distinguish between host-level service management and process management inside containers. systemd is responsible for starting the host-level service units that create and manage SONiC service containers. After a container has started, the processes inside the container are launched and supervised by the container's own initialization logic, which in many SONiC containers is based on supervisord. For example, after the bgp container has started, processes such as bgpd, zebra, and fpmsyncd are started inside the container. Similarly, the swss Continue reading

Cloudflare wants to build the economic layer of the AI web

AI has changed the web right before our eyes. With Google’s AI Overviews doing the heavy lifting, publications that once owned the first page of search results are being replaced by summaries. Readers get their answer without ever clicking through. Much of the traffic has simply stopped. Cloudflare on Wednesday A year ago, Cloudflare’s pitch was practically defensive, asserting that website owners should be able to block AI crawlers. And while that still holds true, the company has pivoted to discussing building “rails” for an “agentic economy.” And it makes sense. If AI agents are already browsing the web, collecting content, and in some cases buying things, someone needs to handle the business end of how the sites they visit are compensated. Cloudflare thinks that someone should be Cloudflare. Paying for value, not visits Roughly a year ago, Cloudflare Continue reading

Your site, your rules: new AI traffic options for all customers

One year ago, we declared the first Content Independence Day, and we gave website owners the means to take back control of their content. The deal between crawlers and website owners that had held up for 30 years — we crawl you, and you get referrals — was no longer true. AI was taking everything and sending back nothing, presenting an existential threat to website owners. And so we launched a one-click "Block AI Bots" option, along with a Pay-Per-Crawl marketplace.

A lot has changed in a year. Last July, conversations around “AI bots” centered around blocking AI training without compensation, pointing to the win–lose deal where content was used for model training with no value driven back to the website owner. But a desire for more nuance has emerged: Content owners still want to be able to protect their content, and they should be compensated for the original content that they work hard to create, curate, and share. We also know that locking down content isn’t a one-size-fits-all solution; website owners want more options than resorting to “block all automation, every time.”

If you run a small site, the problem isn’t just that someone could train models Continue reading

Making AI search smarter

Search drives most experiences on the web. It's how we get things done, and how nearly everything on the web gets found — the creators, the merchants, the answer to whatever you just typed into a box. For nearly 30 years, that discovery journey ran on a simple bargain: let a search engine crawl your content, and it sends you visitors. You turned those visitors into a business — through ads, subscriptions, or just the audience itself. Being discoverable and getting paid were the same thing. A year ago, on the first Content Independence Day, we drew a line to defend that bargain in the AI era. But a line in the sand was only a first step. Since then, the prevalence of AI search in consumers’ lives has only accelerated as more than 50% of traffic online is non-human. The threat is no longer a handful of training crawlers you can block; it's search itself being rebuilt around AI answers.

Today's answer engines read your page and hand the user a summary, so the visit — and the revenue that depended on it — isn’t needed. We see it firsthand, and independent research backs it up: a 2025 Continue reading

1 2 3 3,519